Security Assessment Essay

2610 words - 11 pages

Security Assessment for JLJ Information Technology Group
By John Jacobs

Table of Contents

Company Description

Management Controls

Operational Controls

Technical Controls

Concerns and Recommendations

Conclusion

References

Company Description

JLJ Information Technology Group helps organizations of all sizes to successfully do business online. Their complete portfolio of technology services drives business effectiveness and profitability for many customers not only in the United States but also around the world.
The breadth of their offering extends from helping small businesses ...

This organization has implemented an Information Security Program (ISP), which is a management system that represents the policies and controls implemented within an organization. Part of this program is effective because it provides both management and users with a detailed understanding of the goals, approach and implemented controls for securing the organization’s information assets, including but not limited to sensitive information (for example, personal information). However, the program does not include risk assessment, risk treatment, and the implementation of security controls.
JLJ IT Group has policies in place to inform employees of the security controls that are in place and to provide information about how the company maintains its IT infrastructure. The policies state that upper management is responsible for ensuring that the correct security controls are in place, and that these policies must achieve compliance with the overall information security goals of the organization, which follow NIST Special Publication 800-53A.
While reviewing JLJ IT Group’s Management Controls security policies, it was found that the company’s risk assessment policy was not written in enough detail to make clear what requirements must be implemented to carry out a minimum risk assessment. When interviewing the employees who performed risk assessments, it appeared that a large amount of training is needed on how to perform this task. This training must emphasize that if NIST Special Publication 800-53A is to be truly followed by this organization, then JLJ IT Group will have to be able to identify, quantify and prioritize risk against operational and control objectives, and to design, implement, and exercise controls that provide reasonable assurance that the objectives of the company’s management controls will be met and that risk will be managed to an acceptable level. It does not appear that the company knows how to evaluate the impact and likelihood of potential threats, which includes calculating the cost of a threat if one were to occur. When calculating cost, costs should be interpreted broadly to include money, resources, time, and loss of reputation, among others. The policy also does not go into detail as to whom it applies. It was also found that JLJ IT Group has no system configuration program or documentation in place to track system changes.

Operational Controls

Per the Federal Information Processing Standard 200 (FIPS 200), Operational Controls are security controls, i.e. safeguards or countermeasures for an information system that are primarily implemented and executed by people as opposed to systems.
In reference to the above definition, the question asked was “Has a system security plan been developed and approved?” The answer to that question was “yes” and a copy of the security plan was given for review. It was also found that the security plan every year or when there are changes made to the company’s security...
